MidnightBSD

Advisories for sendmail

CVE-1999-0478 MEDIUM

Denial of service in HP-UX sendmail 8.8.6 related to accepting connections.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail *
CVE-1999-1109 MEDIUM

Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail *
CVE-1999-1309 HIGH

Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail *
CVE-1999-1580 HIGH

SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail 5.59
sun sunos 4.1.4jl
sun sunos 4.1.2
sun sunos 4.1.4
sun sunos 4.1.3c
sendmail sendmail 5.65
sun sunos 4.1.1
sendmail sendmail 5.61
sun sunos 4.1.3
sun sunos 4.1.3u1
CVE-1999-1592 HIGH

Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail 5
CVE-2001-0653 MEDIUM

Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail 8.11.3
sendmail sendmail 8.11.0
sendmail sendmail 8.11.4
sendmail sendmail 8.11.1
sendmail sendmail 8.12
sendmail sendmail 8.11.2
sendmail sendmail 8.11.5
CVE-2001-0713 MEDIUM

Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1) macro names that are one character long, (2) a variable setting which is processed by the setoption function, or (3) a Modifiers setting which is processed by the getmodifiers function.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail *
CVE-2001-0714 LOW

Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to cause a denial of service (data loss) by (1) setting a high initial message hop count option (-h), which causes Sendmail to drop queue entries, (2) via the -qR option, or (3) via the -qS option.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail *
CVE-2001-0715 LOW

Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail *
CVE-2001-1349 LOW

Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail 8.11.3
sendmail sendmail 8.11.0
sendmail sendmail 8.10.1
sendmail sendmail 8.11.1
sendmail sendmail 8.10
sendmail sendmail 8.12
sendmail sendmail 8.11.2
sendmail sendmail 8.10.2
CVE-2002-0906 HIGH

Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail 8.12.0
sendmail sendmail 8.12.1
sendmail sendmail 8.12.3
sendmail sendmail 8.12.4
CVE-2002-1165 MEDIUM

Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netbsd netbsd 1.5.1
sendmail sendmail 8.12.0
netbsd netbsd 1.5.2
netbsd netbsd 1.5.3
netbsd netbsd 1.5
sendmail sendmail 8.12.1
sendmail sendmail 8.12.3
sendmail sendmail 8.12.6
sendmail sendmail 8.12.4
netbsd netbsd 1.6
sendmail sendmail 8.12.2
sendmail sendmail 8.12.5
CVE-2002-1337 HIGH

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
gentoo linux 1.4
hp hp-ux 10.20
netbsd netbsd 1.5.2
netbsd netbsd 1.5.3
hp hp-ux 11.11
hp hp-ux 11.22
sun sunos 5.8
netbsd netbsd 1.6
oracle solaris 2.6
netbsd netbsd 1.5.1
oracle solaris 8
windriver bsdos 5.0
sun sunos -
windriver bsdos 4.2
hp hp-ux 11.0.4
sendmail sendmail *
sun sunos 5.7
hp hp-ux 10.10
oracle solaris 7.0
hp alphaserver_sc *
netbsd netbsd 1.5
windriver platform_sa 1.0
hp hp-ux 11.00
oracle solaris 9
windriver bsdos 4.3.1
CVE-2002-1827 LOW

Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the (1) alias, (2) map, (3) statistics, and (4) pid files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail 8.9.1
sendmail sendmail 8.11.6
sendmail sendmail 8.12.0
sendmail sendmail 8.11.0
sendmail sendmail 8.9.3
sendmail sendmail 8.12
sendmail sendmail 8.11.2
sendmail sendmail 8.9.0
sendmail sendmail 8.11.5
sendmail sendmail 8.11.3
sendmail sendmail 8.9.2
sendmail sendmail 8.12.1
sendmail sendmail 8.12.3
sendmail sendmail 8.11.4
sendmail sendmail 8.10.1
sendmail sendmail 8.11.1
sendmail sendmail 8.10
sendmail sendmail 8.12.2
sendmail sendmail 8.10.2
CVE-2002-2261 HIGH

Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sendmail sendmail 8.11.0
sendmail sendmail 8.12
sendmail sendmail 8.11.5
sendmail sendmail 8.9.2
sendmail sendmail 8.12.3
sendmail sendmail 8.11.4
sendmail sendmail 8.10.1
sendmail sendmail 8.11.1
sendmail sendmail 8.12.6
sendmail sendmail 8.11.7
sendmail sendmail 8.12.2
sendmail sendmail 8.10.2
sendmail sendmail 8.9.1
sendmail sendmail 8.11.6
sendmail sendmail 8.12.0
sendmail sendmail 8.10.0
sendmail sendmail 8.9.3
sendmail sendmail 8.11.2
sendmail sendmail 8.9.0
sendmail sendmail 8.11.3
sendmail sendmail 8.12.1
sendmail sendmail 8.10
sendmail sendmail 8.12.4
sendmail sendmail 8.12.5
CVE-2002-2423 MEDIUM

Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
sendmail sendmail 8.12.0
sendmail sendmail 8.12.1
sendmail sendmail 8.12.3
sendmail sendmail 8.12.6
sendmail sendmail 8.12.4
sendmail sendmail 8.12.2
sendmail sendmail 8.12.5
CVE-2003-0161 HIGH

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 5.1_pk3_bl17
sun solaris 2.5
hp hp-ux 10.00
compaq tru64 5.1
compaq tru64 5.1_pk5_bl19
compaq tru64 4.0d
sendmail sendmail_switch 2.1.3
sun solaris 2.4
hp hp-ux 10.20
sendmail sendmail 8.12.7
sendmail sendmail 8.12.8
hp hp-ux 10.01
sendmail sendmail 8.11.4
hp hp-ux 11.22
sendmail sendmail_switch 2.2.1
sendmail sendmail_switch 2.2.4
sun sunos 5.8
sendmail sendmail 8.12.2
compaq tru64 4.0b
sendmail sendmail 8.10.2
sendmail sendmail 2.6.1
compaq tru64 4.0g_pk3_bl17
sendmail sendmail_switch 3.0.2
sun sunos -
hp hp-ux 11.20
hp hp-ux 11.0.4
sendmail sendmail 8.11.3
sendmail sendmail 8.12.1
hp hp-ux 10.24
sendmail sendmail 8.10
compaq tru64 5.1a_pk3_bl3
hp hp-ux 10.08
sendmail sendmail 8.11.5
sendmail sendmail_switch 3.0.3
sendmail sendmail_switch 2.1.4
compaq tru64 5.1_pk6_bl20
hp hp-ux_series_700 10.20
sendmail sendmail 3.0.2
compaq tru64 5.1a_pk1_bl1
sun sunos 5.5.1
sendmail sendmail 8.11.6
sun solaris 2.6
sendmail sendmail 8.12.0
sendmail sendmail 8.9.3
compaq tru64 5.0
hp hp-ux 10.10
compaq tru64 4.0f
sun solaris 2.5.1
sendmail sendmail_switch 2.1
sendmail sendmail 2.6
sendmail sendmail 8.12.5
sendmail sendmail_switch 2.2
sendmail sendmail 3.0.3
hp sis *
compaq tru64 4.0f_pk7_bl18
compaq tru64 5.1a_pk2_bl2
compaq tru64 5.1_pk4_bl18
sendmail sendmail 8.12.3
sendmail sendmail_switch 2.2.3
sendmail sendmail 8.12.6
sun solaris 9.0
compaq tru64 5.0_pk4_bl18
sendmail sendmail 8.9.1
hp hp-ux 10.26
hp hp-ux 10.16
compaq tru64 5.1b
compaq tru64 5.1b_pk1_bl1
sendmail sendmail 3.0.1
sun sunos 5.7
sendmail sendmail_switch 2.1.1
compaq tru64 5.0_pk4_bl17
compaq tru64 5.0a
hp hp-ux 10.30
sendmail sendmail_switch 3.0
sendmail sendmail_switch 3.0.1
sendmail sendmail_switch 2.1.2
compaq tru64 4.0g
compaq tru64 4.0d_pk9_bl17
sendmail sendmail 8.11.0
sendmail sendmail 8.12
sendmail sendmail_switch 2.2.5
hp hp-ux 11.11
sendmail sendmail 8.9.2
hp hp-ux 10.34
sendmail sendmail 2.6.2
sendmail sendmail_switch 2.2.2
sun sunos 5.5
sendmail sendmail 8.10.1
compaq tru64 5.0f
sendmail sendmail 8.11.1
compaq tru64 4.0f_pk6_bl17
sendmail sendmail 8.11.2
sun sunos 5.4
hp hp-ux_series_800 10.20
sendmail sendmail 8.9.0
sendmail sendmail 3.0
sun solaris 7.0
sun solaris 8.0
sendmail sendmail_switch 2.1.5
hp hp-ux 11.00
sendmail sendmail 8.12.4
compaq tru64 5.0a_pk3_bl17
compaq tru64 5.1a
hp hp-ux 10.09
CVE-2003-0308 HIGH

The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail 8.12.3
debian debian_linux 3.0
sendmail sendmail 8.9.3
sendmail sendmail 8.12.9
CVE-2003-0681 HIGH

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail_switch 2.1.3
sendmail sendmail 8.12.7
sendmail sendmail 8.12.8
netbsd netbsd 1.5.3
sendmail sendmail 8.11.4
hp hp-ux 11.22
sendmail sendmail_switch 2.2.1
sendmail sendmail_switch 2.2.4
netbsd netbsd 1.6
apple mac_os_x 10.2.1
sendmail sendmail 8.12.2
turbolinux turbolinux_server 7.0
turbolinux turbolinux_workstation 7.0
sendmail sendmail 8.10.2
sendmail sendmail 2.6.1
netbsd netbsd 1.5.1
sendmail sendmail_switch 3.0.2
gentoo linux 1.1a
gentoo linux 0.5
hp hp-ux 11.0.4
sendmail sendmail 8.11.3
sendmail sendmail 8.12.1
ibm aix 4.3.3
sendmail advanced_message_server 1.3
sendmail sendmail 8.10
turbolinux turbolinux_workstation 6.0
apple mac_os_x 10.2
sendmail sendmail 8.8.8
sendmail sendmail 8.11.5
sendmail sendmail_switch 3.0.3
sendmail sendmail_switch 2.1.4
sendmail sendmail 3.0.2
openbsd openbsd 3.2
sendmail sendmail 8.11.6
sendmail sendmail 8.12.0
apple mac_os_x_server 10.2
sendmail sendmail 8.9.3
ibm aix 5.2
netbsd netbsd 1.5
apple mac_os_x_server 10.2.4
sendmail sendmail_switch 2.1
sendmail sendmail 2.6
sendmail sendmail 8.12.5
sendmail sendmail_switch 2.2
sendmail sendmail 3.0.3
gentoo linux 1.4
apple mac_os_x 10.2.2
turbolinux turbolinux_workstation 8.0
sendmail sendmail 8.12.3
sendmail sendmail_switch 2.2.3
turbolinux turbolinux_server 6.5
sendmail sendmail 8.12.6
ibm aix 5.1
apple mac_os_x_server 10.2.1
sendmail sendmail 8.9.1
sendmail sendmail 3.0.1
sendmail sendmail_switch 2.1.1
netbsd netbsd 1.4.3
turbolinux turbolinux_advanced_server 6.0
apple mac_os_x 10.2.3
sendmail sendmail_switch 3.0
apple mac_os_x_server 10.2.6
sendmail sendmail_switch 3.0.1
apple mac_os_x 10.2.6
sendmail sendmail_switch 2.1.2
turbolinux turbolinux_server 6.1
sendmail sendmail_pro 8.9.2
apple mac_os_x 10.2.5
sendmail sendmail 8.11.0
apple mac_os_x_server 10.2.2
sendmail sendmail 8.12
netbsd netbsd 1.6.1
sendmail sendmail 8.12.9
sendmail sendmail_switch 2.2.5
netbsd netbsd 1.5.2
apple mac_os_x_server 10.2.5
hp hp-ux 11.11
apple mac_os_x 10.2.4
sendmail sendmail 8.9.2
sendmail sendmail 2.6.2
sendmail sendmail_switch 2.2.2
sendmail sendmail 8.10.1
sendmail sendmail_pro 8.9.3
sendmail sendmail 8.11.1
sendmail advanced_message_server 1.2
gentoo linux 1.2
turbolinux turbolinux_server 8.0
apple mac_os_x_server 10.2.3
sendmail sendmail 8.11.2
sendmail sendmail 8.9.0
sendmail sendmail 3.0
openbsd openbsd 3.3
sendmail sendmail_switch 2.1.5
hp hp-ux 11.00
gentoo linux 0.7
sendmail sendmail 8.12.4
CVE-2003-0688 MEDIUM

The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.2
freebsd freebsd 4.7
redhat sendmail 8.12.8-4
compaq tru64 5.1
sgi irix 6.5.20
sendmail sendmail 8.12.7
sendmail sendmail 8.12.8
sgi irix 6.5.21
freebsd freebsd 4.8
compaq tru64 5.0a
sendmail sendmail 8.12.1
sendmail sendmail 8.12.3
sendmail sendmail 8.12.6
sgi irix 6.5.19
freebsd freebsd 5.0
freebsd freebsd 4.6
sendmail sendmail 8.12.4
sendmail sendmail 8.12.2
sendmail sendmail 8.12.5
redhat sendmail 8.12.5-7
CVE-2003-0694 HIGH

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 5.1_pk3_bl17
freebsd freebsd 5.1
sgi irix 6.5.15
compaq tru64 5.1
sgi irix 6.5.19f
compaq tru64 5.1_pk5_bl19
sgi irix 6.5.21f
sendmail sendmail_switch 2.1.3
sendmail sendmail 8.12.7
sendmail sendmail 8.12.8
netbsd netbsd 1.5.3
sendmail sendmail 8.11.4
hp hp-ux 11.22
sendmail sendmail_switch 2.2.1
compaq tru64 5.1a_pk5_bl23
sendmail sendmail_switch 2.2.4
sun sunos 5.8
netbsd netbsd 1.6
apple mac_os_x 10.2.1
sendmail sendmail 8.12.2
turbolinux turbolinux_server 7.0
turbolinux turbolinux_workstation 7.0
sendmail sendmail 8.10.2
sendmail sendmail 2.6.1
compaq tru64 4.0g_pk3_bl17
netbsd netbsd 1.5.1
sendmail sendmail_switch 3.0.2
gentoo linux 1.1a
gentoo linux 0.5
sgi irix 6.5.18f
freebsd freebsd 4.3
sun sunos -
freebsd freebsd 4.4
hp hp-ux 11.0.4
freebsd freebsd 3.0
sendmail sendmail 8.11.3
freebsd freebsd 4.0
sendmail sendmail 8.12.1
ibm aix 4.3.3
sendmail advanced_message_server 1.3
sendmail sendmail 8.10
turbolinux turbolinux_workstation 6.0
apple mac_os_x 10.2
freebsd freebsd 4.5
compaq tru64 5.1a_pk3_bl3
sendmail sendmail 8.8.8
compaq tru64 5.1b_pk2_bl22
sendmail sendmail 8.11.5
sendmail sendmail_switch 3.0.3
sendmail sendmail_switch 2.1.4
compaq tru64 5.1_pk6_bl20
sendmail sendmail 3.0.2
compaq tru64 5.1a_pk1_bl1
sendmail sendmail 8.11.6
sun solaris 2.6
sendmail sendmail 8.12.0
apple mac_os_x_server 10.2
sendmail sendmail 8.9.3
sgi irix 6.5.17f
compaq tru64 5.1a_pk4_bl21
ibm aix 5.2
sgi irix 6.5.18m
freebsd freebsd 4.8
compaq tru64 4.0f
netbsd netbsd 1.5
apple mac_os_x_server 10.2.4
sendmail sendmail_switch 2.1
freebsd freebsd 5.0
sendmail sendmail 2.6
sendmail sendmail 8.12.5
sgi irix 6.5.21m
sendmail sendmail_switch 2.2
sgi irix 6.5.20f
sendmail sendmail 3.0.3
gentoo linux 1.4
apple mac_os_x 10.2.2
compaq tru64 4.0f_pk7_bl18
compaq tru64 5.1a_pk2_bl2
compaq tru64 5.1_pk4_bl18
turbolinux turbolinux_workstation 8.0
sendmail sendmail 8.12.3
sendmail sendmail_switch 2.2.3
freebsd freebsd 4.9
turbolinux turbolinux_server 6.5
compaq tru64 4.0f_pk8_bl22
sendmail sendmail 8.12.6
sun solaris 9.0
ibm aix 5.1
freebsd freebsd 4.6
apple mac_os_x_server 10.2.1
sendmail sendmail 8.9.1
compaq tru64 5.1b
compaq tru64 5.1b_pk1_bl1
sgi irix 6.5.19m
sendmail sendmail 3.0.1
sun sunos 5.7
sendmail sendmail_switch 2.1.1
netbsd netbsd 1.4.3
sgi irix 6.5.20m
sgi irix 6.5.17m
turbolinux turbolinux_advanced_server 6.0
apple mac_os_x 10.2.3
sendmail sendmail_switch 3.0
apple mac_os_x_server 10.2.6
sendmail sendmail_switch 3.0.1
apple mac_os_x 10.2.6
sendmail sendmail_switch 2.1.2
turbolinux turbolinux_server 6.1
compaq tru64 4.0g
sendmail sendmail_pro 8.9.2
apple mac_os_x 10.2.5
sendmail sendmail 8.11.0
compaq tru64 4.0g_pk4_bl22
apple mac_os_x_server 10.2.2
sendmail sendmail 8.12
netbsd netbsd 1.6.1
sendmail sendmail 8.12.9
sgi irix 6.5.16
sendmail sendmail_switch 2.2.5
netbsd netbsd 1.5.2
apple mac_os_x_server 10.2.5
hp hp-ux 11.11
apple mac_os_x 10.2.4
sendmail sendmail 8.9.2
sendmail sendmail 2.6.2
sendmail sendmail_switch 2.2.2
sendmail sendmail 8.10.1
sendmail sendmail_pro 8.9.3
sendmail sendmail 8.11.1
sendmail advanced_message_server 1.2
freebsd freebsd 4.7
gentoo linux 1.2
turbolinux turbolinux_server 8.0
apple mac_os_x_server 10.2.3
compaq tru64 4.0f_pk6_bl17
sendmail sendmail 8.11.2
sendmail sendmail 8.9.0
sendmail sendmail 3.0
sun solaris 7.0
sun solaris 8.0
sendmail sendmail_switch 2.1.5
hp hp-ux 11.00
gentoo linux 0.7
sendmail sendmail 8.12.4
compaq tru64 5.1a
CVE-2005-2070 MEDIUM

The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail 8.11.0
sendmail sendmail 8.8.8
sendmail sendmail 8.12
sendmail sendmail 8.12.9
sendmail sendmail 8.12.7
sendmail sendmail 8.12.8
sendmail sendmail 8.11.5
sendmail sendmail 8.9.2
sendmail sendmail 8.12.3
sendmail sendmail 8.11.4
sendmail sendmail 8.10.1
sendmail sendmail 8.11.1
sendmail sendmail 8.12.6
sendmail sendmail 8.11.7
sendmail sendmail 8.12.2
sendmail sendmail 8.10.2
sendmail sendmail 8.9.1
sendmail sendmail 8.11.6
sendmail sendmail 8.12.0
sendmail sendmail 8.9.3
sendmail sendmail 8.12.10
sendmail sendmail 8.11.2
sendmail sendmail 8.9.0
sendmail sendmail 8.11.3
sendmail sendmail 8.12.1
sendmail sendmail 8.10
sendmail sendmail 8.12.4
sendmail sendmail 8.12.5
sendmail sendmail 8.12.11
CVE-2006-0058 HIGH

Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail 8.13.2
sendmail sendmail 8.13.3
sendmail sendmail 8.13.4
sendmail sendmail 8.13.1
sendmail sendmail 8.13.0
sendmail sendmail 8.13.5
CVE-2006-1173 MEDIUM

Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
sendmail sendmail 8.11.0
sendmail sendmail 8.8.8
sendmail sendmail 8.12
sendmail sendmail 8.12.9
sendmail sendmail 8.12.7
sendmail sendmail 8.12.8
sendmail sendmail 8.11.5
sendmail sendmail 8.9.2
sendmail sendmail 8.12.3
sendmail sendmail 8.11.4
sendmail sendmail 8.10.1
sendmail sendmail 8.11.1
sendmail sendmail 8.12.6
sendmail sendmail 8.11.7
sendmail sendmail 8.13.3
sendmail sendmail 8.13.4
sendmail sendmail 8.12.2
sendmail sendmail 8.10.2
sendmail sendmail 8.13.1.2
sendmail sendmail 8.9.1
sendmail sendmail 8.11.6
sendmail sendmail 8.12.0
sendmail sendmail 8.9.3
sendmail sendmail 8.12.10
sendmail sendmail *
sendmail sendmail 8.11.2
sendmail sendmail 8.9.0
sendmail sendmail 8.13.0
sendmail sendmail 8.13.5
sendmail sendmail 8.11.3
sendmail sendmail 8.12.1
sendmail sendmail 8.10
sendmail sendmail 8.13.2
sendmail sendmail 8.12.4
sendmail sendmail 8.13.1
sendmail sendmail 8.12.5
sendmail sendmail 8.12.11
CVE-2006-4434 MEDIUM

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
sendmail sendmail *
CVE-2014-3956 LOW

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
sendmail sendmail 8.7.10
freebsd freebsd *
sendmail sendmail 8.14.6
sendmail sendmail 8.12.7
sendmail sendmail 8.12.8
sendmail sendmail 8.13.6
sendmail sendmail 8.12.3
sendmail sendmail 8.11.4
sendmail sendmail 8.14.3
sendmail sendmail 8.12.6
sendmail sendmail 8.14.4
sendmail sendmail 8.12.2
sendmail sendmail 8.10.2
sendmail sendmail 8.9.1
sendmail sendmail 8.14.2
sendmail sendmail 8.10.0
sendmail sendmail 8.7.7
sendmail sendmail 8.12.10
sendmail sendmail 8.7.9
sendmail sendmail 8.13.8
sendmail sendmail 8.11.3
sendmail sendmail 8.12.1
sendmail sendmail 8.10
sendmail sendmail 8.13.2
sendmail sendmail 8.13.1
sendmail sendmail 8.13.7
sendmail sendmail 8.12.11
sendmail sendmail 8.11.0
sendmail sendmail 8.8.8
hp hpux *
sendmail sendmail 8.12.9
sendmail sendmail 8.14.1
sendmail sendmail 8.11.5
sendmail sendmail 8.9.2
sendmail sendmail 8.10.1
sendmail sendmail 8.11.1
sendmail sendmail 8.14.7
sendmail sendmail 8.11.7
sendmail sendmail 8.13.3
sendmail sendmail 8.13.4
sendmail sendmail 8.7.6
sendmail sendmail 8.7.8
sendmail sendmail 8.11.6
sendmail sendmail 8.6.7
sendmail sendmail 8.12.0
sendmail sendmail 8.9.3
sendmail sendmail *
sendmail sendmail 8.11.2
fedoraproject fedora 20
sendmail sendmail 8.9.0
sendmail sendmail 8.13.0
sendmail sendmail 8.13.5
sendmail sendmail 8.14.0
sendmail sendmail 8.12.4
sendmail sendmail 8.14.5
sendmail sendmail 8.12.5
CVE-2021-3618 MEDIUM

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,CWE-295,

Products Affected

Vendor Product Version
fedoraproject fedora 33
f5 nginx *
fedoraproject fedora 34
debian debian_linux 10.0
sendmail sendmail *
vsftpd_project vsftpd *
fedoraproject fedora 35
CVE-2023-51765

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
freebsd freebsd *
sendmail sendmail *
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0